
WE CLAIM: 

1 . In a computer network with a plurality of network devices, a method for 
distributed generation of unique random numbers for digital cookies, comprising the 
steps of: 

5 generating a first portion of a x-bit digital cookie on a first network device on the 

computer network based on an x-bit bit mask template sent to the first network device 
from a second network device on the computer network; 

sending a first message to request a second portion of the x-bit digital cookie from 
the second network device, wherein the first message includes the first portion of the 

□ 10 x-bit digital cookie; 

;;; ; receiving a first response from the second network device wherein the first 

response includes a second portion of the x-bit digital cookie from the second network 
}% device, and wherein the second network device generates potential x-bit digital cookies 

q using the first portion of the x-bit digital cookie from the first network device and a 

□ 15 second portion of the x-bit digital cookie generated on the second network device until 
P the second network device generates a potential x-bit digital cookie that is not in use on 

the computer network; 

generating a complete x-bit digital cookie on the first network device using the 
first portion of the x-bit digital cookie and the second portion of the x-bit digital cookie, 
20 wherein the complete x-bit digital cookie is not in use on the computer network. 
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2. A computer readable medium having stored therein instructions for causing a 
central processing unit to execute the method of Claim 1 . 

3. The method of Claim 1 further comprising: 

5 sending the complete x-bit digital cookie in a plurality of messages used to a 

establish a secure connection between the first network device on the computer network 
and third network device on a remote computer network. 



4. The method of Claim 4 wherein the plurality of messages include a plurality of 
1 0 Internet Key Exchange protocol messages. 



5. The method of Claim 1 wherein the step of generating a first portion of an 
x-bit digital cookie includes generating a n-bit random number, wherein the number-n is 
determined by counting n-number of bits set to a value of one in the x-bit bit mask sent to 

15 the first network device by the second network device. 

6. The method of Claim 1 wherein the second portion of the bit mask is an (x-n) 
bit random number generated on the second network device, wherein n is less than or 
equal to x. 



20 



7. The method of Claim 1 wherein the x-bit bit mask template is a 64-bit, bit 
mask template. 
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8. The method of Claim 1 wherein the step of generating a complete x-bit digital 
cookie on the first network device includes generating a complete x-bit digital cookie on 
the first network device by placing values of bits from the first portion of the x-bit digital 
cookie in bit positions with a value of one using the x-bit bit mask template, and by 
5 placing values of bits from the second portion of the x-bit digital cookie in bit positions 
with a value of zero using the x-bit bit mask template. 



9. The method of Claim 1 wherein the second network device is any of a 
Distributed Network Address Translation gateway or a Realm Specific Internet Protocol 
10 gateway. 



10. In a computer network with a plurality of network devices, a method for 
distributed generation of unique random numbers for digital cookies, comprising the 
steps of: 

15 maintaining a list of complete digital cookies in use on the computer network on a 

second network device; 

generating a x-bit bit mask template on a second network device, wherein the x- 
bit bit mask has n-bits randomly set to a value of one and remaining (x-n) bits randomly 
set to value of zero wherein n is less than or equal to x; 
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sending the x-bit bit mask template to a first network device on the computer 
network; 

receiving a request from the first network device to request a second portion of a 
x-bit digital cookie from the second network device, wherein the first message includes 
5 an first portion of the x-bit digital cookie; 

(a) generating a second portion of a x-bit digital cookie on the second network 

device; 

(b) generating a potential x-bit digital cookie on the second network device using 
the first portion of the x-bit digital cookie generated on the first network device and the 

3 10 second portion of the x-bit digital cookie generated on the second network device; 

(c) comparing the potential x-bit digital cookie with complete digital cookies from 
j the list of complete digital cookies maintained on the second network device that are in 

jr use on the computer network; 

3 repeating steps (a), (b) and (c) until a potential x-bit digital cookie is generated 

3 15 that is not in use on the computer network; and 

i sending the second portion of the x-bit digital cookie for the potential x-bit digital 

cookie that is not in use on the computer network to the first network device, wherein the 
first network device uses the first portion of the x-bit digital cookie and the second 
portion of the x-bit digital cookie to create a complete x-bit digital cookie that is not in 
20 use on the computer network. 
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1 1 . A computer readable medium having stored therein instructions for causing a 
central processing unit to execute the method of Claim 10. 

12. The method of Claim 10 wherein the first portion of the x-bit digital cookie 
5 includes an n-bit random number, wherein the n-bits were determined by counting a 

number of bits set to the value of one in the x-bit bit mask sent to the first network device 
and generating an n-bit random number on the first network device. 

13. The method of Claim 10 wherein step (a) includes generating a (x-n) bit 
random number on the second network device, wherein the first portion of the x-bit 
digital cookie from the first network device includes n-bits. 

14. The method of Claim 10 wherein step (b) includes placing values of bits from 
a n-bit first portion of the x-bit digital cookie generated on the first network device in bit 
positions with a value of one in the x-bit bit mask, and placing values of bits from a (x-n) 
bit second portion of the x-bit digital cookie generating on the second network device in 
bit positions with a value of zero in the x-bit bit mask. 

15. The method of Claim 10 wherein the x-bit bit mask template is a 64-bit, bit 
20 mask template. 
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16. The method of Claim 10 wherein the second network device is any of a 
Distributed Network Address Translation gateway or a Realm Specific Internet Protocol 

gateway. 



5 17. In a computer network with a plurality of network devices, a method for 

distributed generation of unique random numbers for digital cookies, comprising the 
steps of: 

sending a first request from a first network device to a second network device for 
an x-bit bit mask template; 
10 receiving a first response on the first network device from the second network 

device including a x-bit bit mask template, wherein the x-bit bit mask template has n-bits 
randomly set to a value of one and remaining (x-n) bits randomly set to a value of zero, 
wherein n is less than or equal to x; 

counting n-number of ones in the x-bit bit mask template on the first network 

15 device; 

generating an n-bit random number on the first network device based on the n- 
number of ones counted in the x-bit bit mask; 

sending a second request to the second network device including the n-bit random 
number for a (x-n) bit random number 
20 receiving a second response from the second network device including a (x-n) bit 

random number; and 
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creating a complete digital cookie using the (x-n) bit random number, the x-bit 
random number and the x-bit bit mask, wherein the complete digital cookie is not in use 
on the computer network. 



5 

18. A computer readable medium having stored therein instructions for causing a 
central processing unit to execute the method of Claim 17. 



19. The method of Claim 17 wherein the x-bit bit mask template is a 64-bit bit 
10 mask template. 

20. The method of Claim 17 wherein the second network device is any of a 
Distributed Network Address Translation gateway or a Realm Specific Internet Protocol 
gateway. 

15 

21. The method of Claim 17 further comprising: 

sending the complete x-bit digital cookie in a plurality of messages used to a 
establish a secure connection between the first network device on the computer network 
and third network device on a remote computer network. 

20 

22. The method of Claim 21 wherein the plurality of messages include a plurality 
of Internet Key Exchange protocol messages. 
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23. In a computer network with a plurality of network devices, a method for 
distributed generation of unique random numbers for digital cookies, comprising the 
steps of: 

maintaining a list of complete digital cookies in use on the computer network on a 
5 second network device; 

generating a x-bit bit mask template on a second network device, wherein the x- 
bit bit mask has n-bits randomly set to a value of one and remaining (x-n) bits randomly 
set to value of zero, wherein n is less than or equal to x; 

sending the x-bit bit mask template to a first network device on the computer 

□ 10 network; 

J receiving a request from the first network device to request an (x-n) bit random 

L""i number for an x-bit digital cookie from the second network device, wherein the first 

:=q message includes an n-bit random number; 

□ (a) generating a (x-n) bit random number on the second network device; 

C3 15 (b) generating a potential x-bit digital cookie on the second network device using 

M the n-bit random number generated on the first network device and the (x-n) bit random 

generated on the second network device, wherein the potential x-bit digital cookie is 
generated by placing values of bits from the n-bit random number generated on the first 
network device in bit positions with a value of one in the x-bit bit mask, and placing 
20 values of bits from a (x-n) bit random number generating on the second network device 
in bit positions with a value of zero in the x-bit bit mask; 
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(c) comparing the potential x-bit digital cookie with complete digital cookies from 
the list of complete digital cookies maintained on the first network device that are in use 
on the computer network; 

repeating steps (a), (b) and (c) until a potential x-bit digital cookie is generated 
5 that is not in use on the computer network; 

sending the (x-n) bit random number used to generate the potential x-bit digital 
cookie that is not in use on the computer network to the first network device, wherein the 
first network device uses the n-bit random number and the (x-n) bit random number to 
create a complete x-bit digital cookie that is not in use on the computer network. 

0 

24. A computer readable medium having stored therein instructions for causing a 
central processing unit to execute the method of Claim 23. 



25. The method of Claim 23 wherein the x-bit bit mask template is a 64-bit, bit 
15 mask template. 



26. The method of Claim 23 wherein the second network device is any of a 
Distributed Network Address Translation gateway or a Realm Specific Internet Protocol 
gateway. 

20 
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27. The method of Claim 23 further comprising generating a complete x-bit 
digital cookie on the first network device using the n-bit random number, the (x-n) bit 
random number and the x-bit bit mask template. 
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